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About this guide 
About Qualys 


About this guide 


Thank you for your interest in Qualys Offline Scanner Appliance. This lets you scan for 
vulnerabilities in secure air gap networks that do not have Internet access. We'll help you 
get started quickly. 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/ 


Get Started 
Some things to consider... 


Get Started 


Qualys Offline Scanner Appliance lets you scan for vulnerabilities in secure air gap 
networks that do not have Internet access. This is distributed as a virtual appliance for 
VMware Workstation. 


Some things to consider... 


1) You'll need VMware Workstation, VMware Workstation Player or VMware Fusion. Note 
that steps to configure offline scanner is same for all the three VMs. In the guide, we have 
provided configuration steps for VMware. If you are using VMware Workstation Player or 
VMware Fusion, see VMware Configuration. 


2) We do not support Oracle VM VirtualBox. 


3) Check network access to scanners to ensure you can connect to the Qualys Cloud 
Platform (this is required for activation to be successful). Learn more 


4) Your offline virtual scanner appliance has 2 modes: CLOUD SYNC and OFFLINE 
SCANNING. You'll be in CLOUD SYNC mode to start. You'll switch to OFFLINE SCANNING 
mode when you're ready to scan. Be sure to review your network settings in VMware 
before you switch modes. Bridged mode is required for scanning. Learn more 


Overview 


First use the Console Interface for the initial Personalization workflow. 


——— = This workflow will complete the registration of 
© the appliance within your account. Later you'll 
Qualys. ARE. nu à 

use this interface for low-level administration 
(i.e. reboot, shutdown). 


Qualys® Scanner Console, Web UI URL is https://192.168.247.136:8080/ 
Name: My_Scanner_08, LAN IP: 192.168.78.139 


How does it work? This is equivalent to 
plugging a keyboard/mouse/monitor into a 
hardware appliance and can't be directly 
reached over a network. It is only viewable 
through console access provided by the 
virtualization software. 


Get Started 
About managing instances 


Then use the Web User Interface for scanning. 
This is where you launch scans and manage 
(9 Qualys. scanner Ee ne your account data (option profiles, scan 
"M — — UÜ Sans results). The web user interface can be 
accessed using any standard web browser (e.g. 
Internet Explorer, Chrome, Firefox) running on 
sear the host OS. The virtual NIC for the web 
Host Details Total Vulnerabilities Confirmed Potent interface should be deployed ona host-only 


DNS Name WIN-31-169.qualys.... 1 
ne 


network between the host (e.g. Windows) and 
the appliance virtual machine. 
O QD Tite 


L] 90882 Windows Remote Desktop Protocol Weak Encryption Method Allowed 
View 


About managing instances 


Instance Snapshots/Cloning Not Allowed 


Using a snapshot or clone of a scanner instance to create a new instance is strictly 
prohibited. The new instance will not function as a scanner. All configuration settings and 
platform registration information will be lost. This could also lead to scans failing and 
errors for the original scanner. 


Moving/Exporting Instance Not Allowed 


Moving or exporting a registered scanner instance from a virtualization platform (HyperV, 
VMware, XenServer) in any file format to a cloud platform (AWS, Azure, GCE, OpenStack) 
is strictly prohibited. This will break scanner functionality and the scanner will 
permanently lose all of its settings. 


It’s easy to add an Offline Scanner 


You can add an offline scanner to your account in just a couple of minutes. Then you'll be 
ready to scan devices in your secure air gap network. Let's do it! 


Start the Wizard 


Go to Scans > Appliances and select New > Offline Scanner Appliance 


Don't see this option? 


(3) Scans ^ Scans Maps Schedules Appliances 


That means the Offline 
Scanner feature is not 
enabled. Please contact 
Qualys Support or your 
Technical Account Manager 


| New w || Search 


Scanner Appliance. 


pliance a ID 


Ji nua ica Appliance 
Offline Scanner Appliance 


Replace Scanner Appliance... 


Scanner 202962005 


[Scanner2 202059466 


Download... 


Get Started 
Start the Wizard 


Click Start Wizard and we'll walk you through the steps. 


You have 2 offline scanner license(s) available. Choose one of the options below to get started 


Get Started Download Image 
Only 
| want to download the 
offline image now and 
configure my scanner later. 


| Have My Image 


Help me to select the right I'm ready to complete the 


configuration of my scanner. 


offine image and configure 
my scanner. 


Start Wizard > 


Download 


Close 


Add New Offline Scanner x 


it 


Download the image Give your scanner a name and choose VMware Workstation. 


Download Offline Scanner Image 


Give your scanner a name and choose the virtualization platform you 
want to use for your scanner. 


Offline Scanner Name 


My_Scanner_08 


Choose a Virtualization Platform 
VMware Workstation 


Close 


We support VMware 
Workstation on Windows. 
The image should be 
expected to work on other 
virtualization platforms but 
we can only assist in 
troubleshooting on this 
supported platform. 


x 


Get your personalization code You'll want to copy the code to a safe place (you'll need it 
later). Once you have your code you can close the wizard. 


Activate Your Offline Scanner 


Configure your scanner and activate it using the personalization code below. For more 


help, review the configuration guide for step-by-step instructions. 
Ea. 


Offline Scanner Name 
My_Scanner_08 


Personalization Code 
4 5463520727055 


Enter your personalization code 


Need help configuring your offline scanner? 
See How To steps at the Qualys Community 


Add New Offline Scanner x 


Configure your Offline Scanner 


Get Started 
Configure your Offline Scanner 


Start your virtualization platform Locate the offline scanner image file (starts with 
qVSA-O) on your local system, open the image and power on the virtual machine. 


Do you have a proxy? You'll need to tell us about your proxy server. 


d qVSA-O-2:1.0-1-open - VMware Player (Non-commercial use only) C -— So) 
Payer ~ | Oy ch mi iy « 
© Qualys. 
Qualys® Scanner Console, Web UI URL ig https://192.168.247.136:8080/ 
4 
Personalize this scanner H 
Show network settings Copy this URL into..." 
System shutdown a browser to make 
proxy settings 
System reboot 
Version info: 3.7.58-1 
Exit this menu? (Y/N) 
L 
css | 
B P|*|&e*e&-- 


You are allowed ta setup a proxy far all outbound communications, Enable 
below and provide an 1P address Other settings are optional. 


Enabled 


Proxy IP 104022 


Copy the Web UI URL and paste it into a 
new browser window. 


Click the text link on the screen to 
configure proxy settings. 


Enter the IP address (required) and port 
number (8080 is implied but can be 
changed). If the proxy server requires 
authentication enter the proxy user name 
and password. 


After saving your settings, return to the 
Scanner Console to personalize your 
scanner. 


Personalize the scanner Follow these steps in the Scanner Console. 


TE qVS4-0-2110-L-open - VMware Player (Non-commercial use oni) 


Peyer + | DD ~ ch mL < 


© Qualys. 


Qualys® Scanner Console, Web UI URL is https://192.168.247.136:8080/ 


Personalize this scanner 
Show network settings 
System shutdown 
System reboot 

Version info: 3.7,58-1 


Exit this menu? (Y/N) 


Press the Right arrow to select "Personalize 
this scanner” and then type in your 
personalization code. 


Don't have your personalization code? Log 
in to Qualys and get it from the Scans » 
Appliances list. 


Now your scanner will connect to the 
Qualys Cloud Platform to complete the 
activation and download the latest 
software. 


Wc n a nu 


Player ~ | D~ ch b ow « 


© Qualys. 


Personalize 


Update in progress 35% 


Personalize this scanner Enter personalization code: 20262654781665 
Show network settings list 
System shutdown 

System reboot 

Version info: 3.7.58-1 


Exit this menu? (Y/N) 


Payer ~ | D ch mL oW « 


| © Qualys. 


Qualys® Scanner Console, Web UI URL is https://192.168.247.136:8080/ 
Name: My_Scanner_08, LAN IP: 192.168.78.139 


We recommend a few things 


Get Started 
We recommend a few things 


You'll see the activation progress. 
Having trouble activating your scanner? 
1 - Check settings in VMware. Learn more 


2 - Check network access to scanners. Log 
in to Qualys and go to Help » About to see a 
list of URLs (at the SOC) that your scanner 
must be able to contact on port 443. Learn 
more 


Upon success you'll see this scanner's 
name and IP address. That's it! You've 
added your offline scanner to your account. 


Note the Web UI URL.You'll need this in a 
couple minutes to log in to the Scanner's 
Web UI. 


Check the scanner appliance status Go to Scans » Appliances, and select your scanner to 


see details in the preview pane. 


Vulnerability Management — v 


Dashboard Scans Reports Remediation Assets KnowledgeBase Users 


© scans Scans Maps 


Schedules Aoriances M E MESS LIE 


| New vw | | Search 
Appliance: + 0 LAN IP. 


WANIP Polling Scanner 


My. Scannera 20151988736994 0 seconds 


(ren 


My. Scanner 08 


1D: 2014431059210: 


20144310592108 10.100.16.106 — 30 seconds 71014 A 


(Manager) | Connected 


ed on: 08/22/2014 at 14:15:08 (GMT-0700) | Connected 


ra 


2.2.751-1 


Available Capacity 


100% 


Is your scanner ready? $ tells you the 
scanner is connected to our Cloud 
Platform and you're ready to start 
scanning. 


It can take a few minutes for the Qualys 
user interface to get updated after you 
add a new appliance. Please refresh your 
browser periodically to see the latest 
details. 


Get Started 
Log in to the Web User Interface 


Tell us the option profiles you want to use Go to Scans » Option Profiles, edit the 
profile(s) you want to use for offline scanning and select the option "Make this option 
profile available to all offline scanners”. 


Doing this now will save you time later. 
These profiles will be ready to use for 
your first scans. 


New Option Profile 


— 


Scan Title: * Offline Scanning 


Map Owner Patrick Slimmer (Manager: quays tt1 ) |» 


E Setthis as the default option profile when launching maps and sca 


[El Make this a globally available option profile 


[V] Make this option profile available toall offline scanners 


Log in to the Web User Interface 


Open a new browser window and enter the Web UI URL. Then use your personalization 
code for the initial password - you'll be prompted to change it right away. 


(File Edit View History Bookmarks Tools Help 


= 


Enter the Web UI URL 
from the Scanner 
Console 


© Qualys. Scanner Enter your 


personalization 


Scanner name My_Scanner_08 


Congrats, you're now logged in and ready for offline scanning! 
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Start Offline Scanning 


Start Offline Scanning 


We'll help you launch a vulnerability scan on your secure air gap network using the offline 
virtual scanner that you set up on your laptop. 


A quick look at the Web UI 


| | 9 do/o sic c ‘i m My. Scanner. 08 | Help | Log out 
c m hange mode v e+** 
l Qualys. Scanner E 
Scans Option Profiles Knowledge Base Settings 
e " — 9... 
-2 3 "4 "5 
9 New Scan O scans 13 


[] Name Target Type ScanStatus Scan Date Upload Status Upload Date 


There are no records corresponding to filters, if any 


1 Atthe top of the screen you'll see important details about your virtual scanner like 
its assigned IP address on the current network, the mode it's in - CLOUD SYNC or 
OFFLINE SCANNING - and when it last connected (synced) to the Qualys Cloud 
Platform. 


2 Start new scans, view and download scan results, mark scans to be uploaded. 
3 Check out the option profiles available for offline scanning. 


4 Search and view the vulnerability checks (QIDs) that your offline scanner can 
perform. 


5 Setupa static IP configuration for offline scanning and a proxy for cloud syncing. 


CLOUD SYNC vs. OFFLINE SCANNING 


The first time you log in your virtual scanner (and every time your appliance 
comes online from a hard boot) it will be in CLOUD SYNC mode, and your 
virtual scanner can connect to our Cloud Platform. This is used to download 
option profiles, get the latest vulnerability checks and upload scan results to 
your Qualys account. You'll switch to OFFLINE SCANNING mode when you're 
ready to start a scan. In this mode your virtual scanner is connected to the 
secure network you want to scan, and it will not attempt to call home to the 
Qualys Cloud Platform via the Internet. 
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Start Offline Scanning 
All about the modes 


All about the modes 


CLOUD SYNC Mode 


Your offline scanner connects to the Qualys Cloud Platform to pull down option profiles, 
software updates and signature updates, and push up scan results. 


Scanner calls OUTBOUND to sync Q, ORETTE 
with Platform Be 


pushes up: 


* scan results 


* pulls down: 
* Option Profiles 
* software updates 
* signature updates 


ffline-capable 
Virtual "d Kopiante in 
CLOUD SYNC MODE 


OFFLINE SCANNING Mode 


Your offline scanner connects to the secure network you want to scan, and it will not 
attempt to call home to the Qualys Cloud Platform via the Internet. 


Qualys Cloud Platform 


e 


Offline-capable Virtual Scanner Appliance in 


OFFLINE SCANNING MODE 


Switching between modes 


Each time you switch modes (from CLOUD SYNC to OFFLINE SCANNING and vice versa) 
we will suspend your virtual scanner and then you'll manually resume it using VMware. 
Before making a switch, you must edit the network settings in VMware to prepare it for the 
new mode. That way your scanner has the correct settings when it is resumed. Learn more 
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Start Offline Scanning 
All about the modes 


Static IP configuration 


When you're in OFFLINE SCANNING mode, we'll use DHCP by default to get an IP address 
for your scanner. You can, however, set up a static IP configuration if you prefer. It's easy to 
do. Choose "Manual" under Network Settings. Enter the IP address, netmask, default 
gateway and DNS servers. Each time you're in OFFLINE SCANNING mode, we'll use the 
static IP configuration. (Note - We always use DHCP in CLOUD SYNC mode.) 


My. Scanner. 08 | Help | Log out 


© Qualys. Seanner ER MODE: @ CLOUD SYNC Change mode v 
. Sca 


Jul 14, 2016 at 12:27 PM 


Scans Option Profiles Knowledge Base 


Settings - Offline Scanning Settings - Cloud Sync 
w eal 


Network Settings Proxy Settings 
Manual Enabled 
IPAddress: — 10.100.11.128 Proxy IP: 1020042212 
Netmask: 255.255.255.0 Proxy Port: 
Gateway: 10.100.11.1 Proxy User: — jdoe 


DNS1 10001 Proxy 
Password: 


DNS2: 10002 


Save Cancel 


When should I make these settings? You can do this any time, in either mode. If you're in 
OFFLINE SCANNING mode, we’ll make the change from DHCP to Static immediately and 
perform a network refresh. If you’re in CLOUD SYNC mode, we'll save your settings and 
apply them the next time you switch to OFFLINE SCANNING mode. 


Network Proxy configuration 


You have the option to set up a proxy for outbound communications when in CLOUD 
SYNC mode. Choose “Enable” under Proxy Settings and tell us about your proxy server. 
Enter the IP address (required) and port number (8080 is implied but you can change this). 
If the proxy server requires authentication then you'll also need to enter the proxy user 
name and password. 


| DANDIN d " My. Scanner. 08 | Help | Log out. 
SCANNER MODE ange mode v 
. Scanne 
Qualys. scanner Jul 14, 2016 at 12-27 PM 
Scans Option Profiles Knowledge Base 
Settings - Offline Scanning Settings - Cloud Sync 
in Off For cloud syncing. you are allowed to set up a proxy for all outbound 


When your s ing Mode, we'll use DHCP by default to 
assign want to con 
(Not 


y 
figure a static IP instead. ns. Enable below and provide an IP address. Other settings are 


te 
Network Settings Proxy Settings 

Manual T Enabled 

IPAddress: 10.100.11.128 Proxy IP: 1020042212 
Netmask: 255.255.255.0 Proxy Port: 8080 
Gateway: 10.100.11.1 Proxy User: 


DNS1 10001 Proxy 
Password: 


DNS2: 10002 


Save Cancel 
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Start Offline Scanning 
Ready for your first scan? 


Ready for your first scan? 


Review option profiles 


The first thing you want to do is make sure you have option profiles in place. Click Option 
Profiles to see the option profiles that have been synced down to your account. Then 
select View from the Quick Actions menu to see specific scan settings. 


— My. Scanner. 08 | Help | Log out 
I E @ CLOUD SYNC Change mode v 
Qua YS. Scanner iS 
Jul 14, 2016 at 12:27 PM 
Scans Option Profiles Knowledge Base Settings 
3optonprofies T3 
[] Name Date 
C Initial Options EJ Aug 22 12:08:57 PM 
View 
] First Scan map 2-129037 PM 
[] Network Map Aug 22 12:08:57 PM 


Not seeing the profile you want? Log in to Qualys, go to Scans » Option Profiles, edit the 
profile(s) you want and select “Make this option profile available to all offline scanners”. 


Your option profiles will be saved to the 
New Option Profile s R 
—————————— Scanner UI during the next sync. This 


could take more than 10 minutes. 


Sasi Title: * Offine Scanning 


Map Caner [Pacer (oper ara ie) Want to check the status of the sync? Go 


aaa J Senses stmt umim"" to Scans > Appliances and choose Edit for 

(aimma) Your Offline scanner. Then go to the 
Option Profile Sync section. You may 

= hurry the process by clicking the Sync 


Now button. 


Switch modes and make network settings 


Before switching to the offline Scanning mode and moving the scanner to a secure air gap 
network, check that the scanner is connected and active. To check the status of the 
scanner go to Scans > Appliances and search for your scanner. If the scanner is in error 
state, you must resolve the error first. 


You'll need to switch to OFFLINE SCANNING mode. 


Choose Change mode to get started. 


© Qualys. Scanner € cLoup sync Change mode v 
. Scanne 


IP Address : 192.168.78.135 


Scans Option Profiles knowlege (@ansemoae — 7) 


Diagnostics Utilities 


M 


Restart Network Interface 
Configure Offline Static Ip. 
9 New Scan 
O Name Target Type Scan Status 


There are no records corresponding to filters, if any 
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Start Offline Scanning 
Ready for your first scan? 


Go to VMware to make network settings. 


Connectivity Mode 


Do not click the Switch Mode Now 
button. You'll do this later, after making 
settings in VMware. 


Switch to Offline Scanning Mode @ 


I'm ready to start an offline scan. What are the steps? 


Change the network settings. Your virtual machine settings must be configured to scan the offline 
network at this time. In VMware, we recommend these Network Adapter settings for Scanning Mode: 
Bridged: Connected directly to the physical network 
Replicate physical network connection state 


Click Switch Mode Now. We will temporarily suspend your virtual scanner 


Cancel Switch Mode Now 


EJ Offline-scanner- VMware Workstation 00000000 Bridged mode is required for offline 


File [Ear] View VM Tabs Hep | IM | | (D scanning. To configure bridging in 
y VMware, go to Edit > Virtual Network 


Librar Cut Ctrl-X x . 
Q Copy Ctrl+C i Editor. 
Paste Ctrl+V 
gh 


@ Virtual Network Editor... 
Preferences... Ctrl+P 


(4) qVSA-O.i386.open-2.219-1 
ET qVSA.i386.open-2.2.20-2-qweb 

I] qVSA.i386.open-2.2.20-2-DB test 
E Offline-scanner 

C31 Shared VMs 


(vus. EE è Click the Change Settings button. 


SS a Sa Administrator privileges are needed to 
a eee eee modify network configuration. 

Add Network Remove Network. 
VMnet Information 


Bridged (connect VMs directly to the external network) 


NAT (shared host's IP address with VMs) 


(&) Host-only (connect VMs internally in a private network) 


Connect a host virtual adapter to this network 
Host virtual adapter name: VMware Network Adapter VMneti 
Use local DHCP service to distribute IP address to VMs 


Subnet IP: 192.168.247. 0 Subnet mask: 255.255.255. 0 


po 
AÀ Administrator privileges are required to modify the network configuration. (i Change settings |) 
er 

Restore Defaults or Apply — | | Help-—) 
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@ Virtual Network Editor 


Name Type External Connection Host Connection DHCP Subnet Address 
VMnet Bridged Auto-bridging - - - 

VMneti — Hostonly - Connected Enabled 192.168.247.0 
VMnet8 NAT NAT Connected Enabled 192.168.78.0 


‘VMnet Information 
@ Bridged (connect VMs directly to the external network) 


ee — AA. 


Automatic 

NAT (shared Intel(R) Ethernet Connection 1217-M - Deterministic Network Enhancer Miniport 
VirtualBox Host-Only Ethernet Adapter - Deterministic Network Enhancer Miniport 

Host-only (Ct Intel(R) Dual Band Wireless-AC 7260 - Deterministic Network Enhancer Miniport 
Bluetooth Device (Per: 


Use local DHCP service to distribute IP address to VMs DHCP Settings. 


L9 )( ee ) (o .)[ 


Hep ) 


Virtual Machine Settings 


Hardware 


Options | 
Device Summary Device status 
[V] Connected 
ME memory 208 
LJ Processors 1 [V] Connect at power on 
Bard Disk (SCSI) 40.68 
coipvp DE. d Network connection 


@ Bridged: Connected directly to the physical network 
Replicate physical network connection state 


Fig Network Adapter NAT 
TE Network Adapter 2 Host-only 
display Auto detect 


NAT: Used to share the host's IP address 
C) Host-only: A private network shared with the host 
© Custom: Specific virtual network 

VMneto 


C) LAN segment: 


Cox) (cares) (ree) 


Connectivity Mode x 


Switch to Offline Scanning Mode @ 


I'm ready to start an offline scan. What are the steps? 


Change the network settings. Your virtual machine settings must be configured to scan the offline 
network at this time. In VMware, we recommend these Network Adapter settings for Scanning Mode: 
- Bridged: Connected directly to the physical network 

- Replicate physical network connection state 


Click Switch Mode Now. We will temporarily suspend your virtual scanner. 


Cancel 


Switch Mode Now 


Start Offline Scanning 
Ready for your first scan? 


Click on Bridged and choose the correct 
interface from the menu for Bridged type. 


Configure virtual machine settings. For 
“Network Adapter”, select the Bridged 
network connection and “Replicate 
physical network connection state”. Save 
your settings. 


Now that your network is configured for 
offline scanning, go back to the Web User 
Interface and click the Switch Mode Now 
button. We'll temporarily suspend your 
virtual scanner. Once suspended you are 
ready to move to a secure 
location/network. 


Note that now you can close the laptop 
flap cover if you wish to, but ensure that 
this does not turn off the laptop. Turning 
off or restarting either the virtual 
machine on which offline scanner is 
running or the laptop will set the scanner 
back to the CloudSync mode. 
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Connectivity Mode x 


Next Steps: Switch to Offline 


Scanning Mode 


Important: Do Not shut down your laptop (you can close it or put it in sleep or hibernate modes). 


1 


Connect your laptop to the secure 
air gap network you want to scan. 
DHCP services must be available on this 
network 


Cancel 


LM] 


2 


Resume the virtual scanner. 
Your scanner will connect to the network 
and get an IP address. 


File Edit View VM Tabs Hep | Ð ~| iurc 
Library x 


Q Type hereto search 


E IB] My Computer 

(5j Centos-6 * 

(A Sylvia Centos 

(5 RPMs-222-1 

(Fl qVSA-O.i386.open-2.2.19-1 

(5j) qVSA.i386.open-2.2.20-2-qweb. 

(5) qVSA.i386.open-2.2.20-2-DB test 

cu S 
£j Shared VMs 


Connectivity Mode x 


Next Steps: Switch to Offline 


pna H mI 


(Home x | EE My Computer > | (jj Offine-scanner = | 


i Offline-scanner 


D> Resume this virtual machine 
Ae virtual machine settings 


v Devices 
BR Memory 268 
[I Processors 1 


Hard Disk (SCS) 40GB 
ÉJ CD/DVD (IDE) Auto detect 
Network Adapter NAT 

Ea Network Adapte... Host-only 
llli Display Auto detect 


* Description 
Qualys Offline Virtual Scanner 


Appliance, build:qVSA-O.i386.open- 
2232 


Scanning Mode 


Important: Do Not shut down your laptop (you can close it or put it in sleep or hibernate modes). 


1 


Connect your laptop to the secure 
air gap network you want to scan. 
DHCP services must be available on this 
network 


2 


Resume the virtual scanner. 
Your scanner will connect to the network 
and get an IP address. 


Continue 


Start Offline Scanning 
Ready for your first scan? 


You'll see instructions on the screen to 
connect your laptop to the secure air gap 
network you want to scan and resume 


your scanner. 


Start up the virtual scanner by choosing 
Resume this virtual machine. 


Once your virtual scanner is resumed, 
click the Continue button. 
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EN @ OFFLINE SCANNING ) Chan; 


Jul 14, 2 


© Qualys. Scanner 


Option Profiles 


Target 


Scans Knowledge Base Settings 


[] Name Type s 


There are no records corresponding to filters, if any. 


Start your scan 


Start Offline Scanning 
Ready for your first scan? 


The scanner is now in OFFLINE 
SCANNING mode. Click the New Scan 
button to start your new scan. 


Warning: 


Do not restart or shut down the laptop or 
Scanner virtual machine until the 
scanning in the Offline mode is 
completed in the secure environment. 


If the laptop is restarted, the scanner 
would need to be brought back into a 
connected environment for it to sync 
back with Qualysguard platform and 
authenticate itself. If the scanner is in 
this state, then repeat all the steps for 
switching the scanner to the offline 
scanning mode. 


You'll see the New Scan window. Give your scan a name, enter a scan target (IPs to scan), 
select an option profile, and optionally provide authentication credentials. Click Scan. 


Start Scan 
Name this scan 


My First Offline Scan 


Scan Type 


Vulnerability Scan ¥ 


Choose your targets to scan 


IPs / Ranges 10.10.24.24, 10.10.31.169-10.10.31.170 


Exclude IPs / Ranges 
Option Profile Initial Options - 


Authentication (optional) 


Add Windows Authentication Record 
Add Linux Authentication Record 


Cancel 


Tip - You can provide both Windows and 
Linux authentication credentials. We'll 
automatically use the Windows 
credentials on your Windows hosts (in 
the scan target) and the Linux credentials 
on your Linux hosts. 


Your scan will appear on the scans list where you can track the progress and view the 


results when the scan is finished. 
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View scan results 


Select View for any finished scan to see scan results. 


SCANNER MODE: @ OFFLINESCANNING Change mode v 
10.100.16.106 Last synced Aug 22, 2016 at 1:24 PM 


© Qualys. Scanner 


Scans 


IPAddress 


Option Profiles Knowledge Base Settings 


[=] Search 


9 New Scan 
Name Target Type 
My First Offline Scan B 10.10.24.24, 10.10.31.169-10.10.31.170 — Vulnerability Finished 
| 
Mark for upload 
© Relaunch scan 
Download scan 
Cancel 


Delete 


Scan Status Scan Date 


Start Offline Scanning 
View scan results 


My. Scanner. 08 | Help | Log out 


Q 
o 


1 scans 


Upload Status Upload Date 


Aug 22 01:08:23 PM 


You'll see Scan Details - scan target, total hosts scanned, total vulnerabilities found, scan 
duration (how long the scan was actively running), etc. This is followed by a list of scanned 
hosts. Select View for any host to see host results. 


© Qualys. Scanner 


Scans 


SCANNER MODE: @ OFFLINE SCANNING Change mode v 
IPAddress : 10.100.16.106 Last synced Aug 22, 2016 at 1:24 PM 
Option Profiles 


Knowledge Base Settings 


My_Scanner_08 | Help | Log out 


Scan : My First Offline Scan View Option Profile 


B 


Search 


Scan Details Total Hosts 


3 


10.10.24.24, 10.10.31.169-10.10.31.170 Active Hosts 

. Excluded Hosts 
Dead Hosts 
Authentication Failed 


Target 
Excluded Ips 
Scan Duration 
Upload Status 


5 minutes 


IP DNS Operating System 


10.10.31.170 Windows 2008 R2 Enterprise Service Pack 1 


WIN-31-170.qualys.com 


10.10.31.169 WIN-31-169 qualys.com Windows 2008 R2 Enterprise Service Pack 1 
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Vulnerabilities 


19 


Confirmed 
Potential 
Info Gathered 


Status Total Vulns 
Finished 12 


Finished 7 


Start Offline Scanning 
View scan results 


The host details are followed by a list of vulnerabilities and information gathered QIDs 
detected on the host. You can drill down further by selecting View for any QID to see 
threat details and scan results. 


My. Scanner. 08 | Help | Log out 


SCANNER MODE: @ OFFLINE SCANNING Change mode v 
© Qualys. Scanner 


IPAddress : 10.100.16.106 Last synced Aug 22, 2016 at 1:24 PM 


Scans Option Profiles Knowledge Base Settings 


5 Host : 10.10.31.169 
(=) Search. Q 


Host Details Total Vulnerabilities Confirmed Potential Info. Gathered 


DNS Name WIN-31-169.qualys.... 
NetBIOS Name — WIN-31-169 
Operating System Windows 2008 R2 Enterprise Service ... 


34findings 4 


Title Port Severity 


Windows Remote Desktop Protocol Weak Encryption Method Allowed 3389/tcp E 
tvare Accessible 


SSL Certificate - Signature Verification Failed Vulnerability 3389/tcp 


um 
um 
ICMP Timestamp Request È a 
SSL/TLS use of weak RC4 cipher 3389/tcp a 
SMB Signing Disabled or SMB Signing Not Required babe 
NetBIOS Bindings Information 

Open DCE-RPC / MS-RPC Services List 


Operating System Detected 


0/0/0/0/0/0/0/0/0/| 20g 


Firewall Detected 


The Threat Details include specific scan results returned for the QID on the host. 


Threat Details x 


WIN-31-169.|  QID: 90882 
a WIN-31-169 | Title: Windows Remote Desktop Protocol Weak Encryption Method Allowed 
em Windows 20| 
Cvelds: 
Severity : 
Result: RDP Supported Encrytion methods: RC4(40 bit),RC4(56 bit) 


Cancel 


When you're done viewing results, close the Threat Details window and click the Back 
arrow in the blue bar to go back screen by screen. 
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Start Offline Scanning 
Download scan results 


Download scan results 


Just choose the Download scan option for any finished vulnerability scan (not supported 
for map scans). You'll get a CSV report listing the OIDs detected on each scanned host 
along with info like the type, severity and specific scan results for each QID. 


Good to Know- The Download scan option is disabled once the scan has been uploaded to 
your account, so you'll want to download results before uploading them. 


My. Scanner. 08 | Help | Log out 
| © Qualys. Scanner @ OFFLINESCANNING Change mode v se Mu 
. Scanne 
Aug 22, 2016 at 1:24 


24 PM 


Scans Option Profiles Knowledge Base Settings 


9 New Scan 1 scans 12 


C] Name Target Type ScanStatus Scan Date Upload Status Upload Date 


My First Offline Scan E 10.10.24 24, 10.10.31.169-10.10.31.170 Vulnerability Finished Aug 22 01:08:23 PM 
View 


Download scan 


Delete 


Upload scan results 


This will allow you to view your vulnerability scan results in your Qualys account and 
create reports based on the findings. Only vulnerability scans can be uploaded, not map 
scans. Be sure you have Internet access to connect to the Qualys Cloud Platform. 


A few things to consider... 


- Be sure to review and edit your network settings in VMware before switching to CLOUD 
SYNC mode. That way, when your scanner is resumed it will get the correct IP address 
assigned to it and you'll be able to connect to the Qualys Cloud Platform. Learn more 


- Any scanned IP that is not already in your account will be added to your account (and 
will count against your total IPs allowed). 


- Once uploaded, the full scan results will no longer be available in the Scanner’s Web UI. 
You will, however, still see scan summary information. 


- The scan duration that appears in the Scanner’s Web Ul is not the same duration you'll 
see in the Qualys UI after the scan upload. The duration that appears in the Scanner's Web 
UI when you view scan details represents the scan run time (how long the scan was 
actively running). The duration that appears in Scan Reports in the Qualys UI (after the 
scan upload) represents the time it took to upload and process the scan results. This does 
not include the scan run time because the scan occurred offline. 
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Start Offline Scanning 
Upload scan results 


Avoid upload issues 


- Do not reboot or reset the scanner between finishing the scan and uploading results. 
Rebooting will cause cleanup of some scan data and this will result in upload failure. 
Make sure to strictly perform only suspend and resume to switch from offline to online 
states when marking scan for upload. 


- Do not attempt the "Reconnect to Datacenter" option from the scanner console after 
finishing the scan and before scan data is completely uploaded. This option would 
interrupt the upload and upload will not complete. 


- Avoid network issues by making sure you have selected the correct network cable and 
network adapter before resuming the scanner in CLOUD SYNC mode. 


What are the steps? 


Click "Change mode" at the top of the page and switch to CLOUD SYNC mode. We'll 
connect to the Qualys Cloud Platform - this may take a few minutes. Once successfully 
connected, you're ready to continue. 


Select the scan you want to upload from the Scans list, and choose “Mark for upload" from 
the quick actions menu. The scan will be uploaded the next time you sync. (Tip - If you 
change your mind, go back to the quick actions menu and choose "Unmark for upload" 
before the sync happens.) 


My. Scanner. 08 | Help | Log out 


© Qualys. Scanner @ CLOUD SYNC Change mode v | 
. Sca 


016 at 1:24 PM 


Scans Option Profiles Knowledge Base Settings 


Q 


9 New Scan 1 scans 13 


O Name Target Type ScanStatus Scan Date Upload Status Upload Date 
L1 MyFirst Offline Scan E 10.10.24.24, 10.10.31.169-10.10.31.170 Vulnerability Finished Aug 22 01:08:23 PM 
View 
Mark for upload 
€ Relaunch scan 


Download scan 


Delete 
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Start Offline Scanning 
Discover live devices on your network 


Discover live devices on your network 


Run a map scan to get a visual map of your network devices. Once you know the devices 
on your network, you can scan them for vulnerabilities. 


Go to Scans and click New Scan (you'll need to switch to OFFLINE SCANNING mode if 
you re not already there). In the New Scan window, select the type Map Scan, enter the 
domain and netblocks you want to map and choose an option profile. Then click Scan. 


Start Scan 
Name this scan 


My First Map Scan 


Scan Type 


Map Scan M 


Choose your targets to scan 


Domain nodomain.qualys.com 


Netblocks 10.10.10.7-10.10.10.65 
Option Profile Network Map - 


Cancel 


Tip - Want to map IPs and IP ranges 
without a domain name? Enter 
nodomain.qualys.com in the Domain 
field and your IPs in the Netblocks field, 
as shown in this example. 


When your map scan is finished, select View to see the results. Check it out. 


Scan : My First Map Scan view Option Profile 


Re e listed with the total number of findings 


m Search results | 
sorted by IP address. iiis 


"tss... Take actions on hosts 
Total Hosts in Domain 


12 


Operating System Families 
windows ES ^ue B 


mec = B Brower B 


Unknown [0 


Y. 
Actions (1) Tools v ^s... Search for hosts by IP, hostname, 
= other attributes 


Map [E9 -= 


Click any host to view host 
details in the Preview 


(Uy 10.10.10.65 / krb5-qualyscom 


N/A | OS: Linux 24.26 | Lastscar: N/A (Not available to scan) 


Discovery Method 
DNS ICMP TCPPORT111 TCPPORT 111 TCPPORT22 TCPPORT22 TCPRST TCPRST 


Want to learn more? Our Community has an article that explains the map images, how 


to change your map layout, and more. 


From our Community 


New Maps 
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VMware Configuration 


VMware Configuration 


The Qualys Offline Scanner Appliance should be configured with two virtual network 
adapters using your virtualization platform (i.e. VMware Workstation). 


Your virtualization software should 
automatically create an instance of the 
appliance with the correct network adapters 
in place. 


Virtual Machine Settings 


| Hardware | Options | 


Dene On VMware Workstation, these interf 
= ; n Ware Or. station, t ese interfaces 


linen will be Network Adapter and Network 

C Hard Disk (SCS Adapter 2. Initially, Network Adapter should 
default as type NAT; and Network Adapter 2 
should default as type Host-only. 


Network Adapter 1 must be configured for Bridged networking when in OFFLINE 
SCANNING MODE. It can be NAT or Bridged when in CLOUD SYNC MODE. Network 
Adapter 2 should always be configured for Host-only networking. 


Here are the required network settings, depending on the mode you're in. 


VMware Appliance Appliance Purpose Required Connect Local 
Worksta- OS Mode VMware a host DHCP 
tion default network virtual service 
label type adapter 
Virtual Network etho CLOUD Communicate NAT* enabled enabled 
NIC 41 Adapter SYNC with the -Or - 
Qualys Cloud Bridged* n/a n/a 
Platform 
OFFLINE Scan hosts Bridged™ n/a n/a 
SCANNING 
Virtual Network eth1 any Localscanner  Host-only enabled enabled 
NIC #2 Adapter 2 web UI 


* NAT configuration. NAT is practically the only choice if your external connection goes 
over a VPN. Bridging from a virtual machine will not work over host VPN adapters. 
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™ Bridging to external networks. VMware 
Workstation may be installed on a host 
system with multiple network adapters 
(wired, wireless, VPN). In the Virtual 
Network Editor, you'll need to determine 
which network adapter is appropriate for 
the external connection and select it. We 
do not recommend leaving the Bridged 
virtual network in "Automatic" mode 
because it almost never works and it is 
often problematic over wireless adapters. 


Sample network configurations 


Host-only type 


VMnet Information 
(© Bridged (connect VMs directly to the external network) 


Bridged to: | Intel(R) 82579LM Gigabit Network Connection 


7) NAT (shared host's IP address with VMs) 
@ Host-only (connect VMs internally in a private network) 
[V] Connect a host virtual adapter to this network 
Host virtual adapter name: VMware Network Adapter VMnet0 
VV] Use local DHCP service to distribute IP address to VMs DHCP Settings... 


Subnet IP: 192.168. 37.0 Subnetmask: 255.255.255. 0 


NAT type 


VMnet Information 
(C) Bridged (connect VMs directly to the external network) 


Bridged to: | Intel(R) 82579LM Gigabit Network Connection 


@ NAT (shared host's IP address with VMs) 


©) Host-only (connect VMs internally in a private network) 

[V] Connect a host virtual adapter to this network 

Host virtual adapter name: VMware Network Adapter VMnet0 

VV] Use local DHCP service to distribute IP address to VMs DHCP Settings... 


Subnet IP: 192.168. 37.0 Subnetmask: 255.255.255. 0 


Bridged type 


VMware Configuration 


@ Virtual Network tt 


| Name 

| VMneto 

| VMneti 
VMnet8 
VMnet9 


Type External Connection Host Connection 
Bridged Broadcom 802. 11n Network... - 

Host-only - Connected 

NAT NAT Connected 
Custom - 


DHCP 


Enabled 


Enabled 
Enabled 


Connect a host virtual adapter to this network 


If you've plugged into the physical network with an Ethernet cable, it is strongly 
recommended that you manually bridge your virtual network to the physical NIC of your 


host machine. 


VMnet Information 
© Bridged (connect VMs directly to the external network) 
Bridged to: [Automatic 0 T [Automatic setings.. 
2 Automatic 
(C) NAT (shared paren mre AT Settir 


Connect a host virtual adapter to this network 
st virtual adapter name: VMware Network Adapt 


Use local DHCP service to distribute IP address to VMs DHCP Settings. 
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Leaving the “Bridged to:” setting 
in Automatic mode allows for the 
possibility that your virtual 
network will instead bind to a 


VPN port or other network 


adapter. 


Troubleshooting 


Troubleshooting 


You can use our diagnostic tools available at Offline scanner Web UI under "Change mode" 
to troubleshoot basic issues. 
Scanner failed to detect scan targets 


If the scanner is unable to detect scan targets then use our Diagnostics Utilities under 
Change mode to Ping or Trace Route by IP address or DNS name to check if the scanner is 
able to establish a connection with the scan targets. If the scanner is unable to connect 
then check for network connectivity issues. 


Go to Change mode » Diagnostics Utilities. 


9 QUALYS' SCANNER e: 


scans 


On the Diagnostics Utilities screen provide the IP address or DNS name of the scan target 
and then click Ping or Trace Route. 


O Quas SCANNER O omine aene 


You can also use the Change mode > Restart Network Interface option to resolve the 
connectivity issue between the scanner and scan targets. Caution: Do not perform this 
activity during an ongoing scan or during a scan upload as it would break the scanner 
connection with the scan targets and the scan or upload process will be interrupted 
permanently. 
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